Command environment
Since environment variables can influence program behavior, sudoers
provides a means to restrict which variables from the user's environment are
inherited by the command to be run. There are two distinct ways sudoers
can deal with environment variables.
By default, the env_reset option is enabled. This causes commands to be
executed with a new, minimal environment. On AIX (and Linux systems
without PAM), the environment is initialized with the contents of the
/etc/environment file. The new environment contains the TERM, PATH,
HOME, MAIL, SHELL, LOGNAME, USER, USERNAME and SUDO_* variables in
addition to variables from the invoking process permitted by the env_check
and env_keep options. This is effectively a whitelist for environment
variables. Environment variables with a value beginning with () are
removed unless both the name and value parts are matched by env_keep or
env_check, as they will be interpreted as functions by older versions of
the bash shell. Prior to version 1.8.11, such variables were always
removed.
If, however, the env_reset option is disabled, any variables not
explicitly denied by the env_check and env_delete options are inherited from
the invoking process. In this case, env_check and env_delete behave like
a blacklist. Environment variables with a value beginning with () are
always removed, even if they do not match one of the blacklists. Since
it is not possible to blacklist all potentially dangerous environment
variables, use of the default env_reset behavior is encouraged.
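
The two modes described above, as an added Python model (not sudo's code and not part of the sudoers manual). It decides only which of the caller's variables are inherited; the function names and the values in CALLER_ENV are constructed for illustration, and the '/' and '%' test for env_check comes from the manual's description of that option rather than from this section.

```python
from fnmatch import fnmatchcase

def _match(entries, name, value):
    """Return (matched, full); full means a NAME=VALUE entry matched both parts."""
    matched = full = False
    for entry in entries:
        pat_name, has_value, pat_value = entry.partition("=")
        if not fnmatchcase(name, pat_name):  # fnmatch approximates sudoers' '*'
            continue
        if not has_value:
            matched = True
        elif fnmatchcase(value, pat_value):
            matched = full = True
    return matched, full

def _safe(value):
    # env_check test per the sudoers manual: value has no '/' or '%'
    # (the manual's TZ special case is left out of this model).
    return "/" not in value and "%" not in value

def inherited(env, env_reset=True, env_keep=(), env_check=(), env_delete=()):
    """Return the caller's variables that this model passes to the command."""
    out = {}
    for name, value in env.items():
        is_func = value.startswith("()")
        checked, c_full = _match(env_check, name, value)
        if env_reset:
            # Allow-list mode: dropped unless env_check or env_keep permits it.
            kept, k_full = _match(env_keep, name, value)
            ok, full = (_safe(value), c_full) if checked else (kept, k_full)
            if is_func and not full:
                ok = False  # "()" values need a name and value match
        else:
            # Deny-list mode: kept unless env_delete or env_check rejects it.
            deleted, _ = _match(env_delete, name, value)
            ok = not (is_func or deleted or (checked and not _safe(value)))
        if ok:
            out[name] = value
    return out

# Constructed caller environment (sample values, not from the page).
CALLER_ENV = {
    "LANG": "en_US.UTF-8",
    "EDITOR": "vim",
    "LD_PRELOAD": "/tmp/x.so",
    "PYTHONPATH": "/home/u/lib",
    "BASH_FUNC_x": "() { :; }",
}
```

With env_reset off and a deny list of only LD_*, PYTHONPATH still reaches the command, which is the gap the last paragraph warns about.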